I'm a privacy pragmatist, writing about the intersection of law, technology, social media and our personal information. If you have story ideas or tips, e-mail me at khill@forbes.com. PGP key here.
These days, I'm a senior online editor at Forbes. I was previously an editor at Above the Law, a legal blog, relying on the legal knowledge gained from two years working for corporate law firm Covington & Burling -- a Cliff's Notes version of law school.
In the past, I've been found slaving away as an intern in midtown Manhattan at The Week Magazine, in Hong Kong at the International Herald Tribune, and in D.C. at the Washington Examiner. I also spent a few years traveling the world managing educational programs for international journalists for the National Press Foundation.
I have few illusions about privacy -- feel free to follow me on Twitter: kashhill, subscribe to me on Facebook, Circle me on Google+, or use Google Maps to figure out where the Forbes San Francisco bureau is, and come a-knockin'.

What they have in common: massive data aggregation. (Photo credit: DonkeyHotey)

The New York Times published two articles on Sunday that perfectly book-end the increasingly fractious debate over online tracking and data aggregation. In one, Natasha Singer, who’s been taking a comprehensive look at privacy issues for the paper, reports on the crazy train that is the state of the non-governmental negotiations over “Do Not Track,” a mechanism that you would be able to use to tell Web sites you don’t want them collecting information about you… or, er, targeting you with ads based on information collected… or, just targeting ads at all… or something like that. The “stakeholders” are still trying to work that out, and as you might guess, the parties doing the tracking don’t particularly want to stop. In the other piece, our old friend Charles Duhigg lays bare the extent to which the presidential campaigns are hoovering up personal intel — thanks to all that tracking! — in order to hone their messages to voters. They know which beer you drink, who’s having financial difficulties, and which sites you go to for, um, entertainment purposes:

In the weeks before Election Day, millions of voters will hear from callers with surprisingly detailed knowledge of their lives. These callers — friends of friends or long-lost work colleagues — will identify themselves as volunteers for the campaigns or independent political groups.

The callers will be guided by scripts and call lists compiled by people — or computers — with access to details like whether voters may have visited pornography Web sites, have homes in foreclosure, are more prone to drink Michelob Ultra than Corona or have gay friends or enjoy expensive vacations.

“Whether voters may have visited pornography Web sites.” So they know whether the voter is a man or not, quipped one of my Twitter followers.

Where does this information come from? Sometimes it comes from public records — such as your voting history — or from the campaign’s informants who actually know you, but the more granular, “Do you enjoy drinking Coronas while on expensive vacations with your gay friends despite the fact that your home is being foreclosed?” stuff comes from data brokers and cookie-dropping companies that specialize in gathering information about you based in part on your online browsing. Yes, advertisers know when you’ve visited a porn site they run ads on. Facebook will too if the porn site adds a “Like” button.

That’s why the current debate over “Do Not Track” is such a heated one. These companies want to keep this data flowing in, while privacy advocates want those browsing the Web to have some control over their data leakage. International standard setting group the World Wide Web Consortium, or W3C has been tasked with coming up with what Do-Not-Track means and how it will work. That basically involves sending hundreds of emails, holding meetings, and trying to find a compromise that works for both those that make their money by collecting this data and targeting ads and those who don’t want them collecting so much data and targeting so many ads.

“[W]hat is really at stake here is the future of the surveillance economy,” writes Singer. And it is a thriving economy after all. From Duhigg’s piece:

While the campaigns say they do not buy data that they consider intrusive, the Democratic and Republican National Committees combined have spent at least $13 million this year on data acquisition and related services. The parties have paid companies like Acxiom, Experian or Equifax, which are currently subjects of Congressional scrutiny over privacy concerns.

Vendors affiliated with the presidential campaigns or the parties said in interviews that their businesses had bought data from Rapleaf or Intelius, companies that have been sued over alleged privacy or consumer protection violations.

These are the credit rating companies and data brokers who you may have never heard of, but who know a lot about you.

Microsoft has a privacy headache.

Singer ably reports out the lengths the advertising industry is going to to keep Do-Not-Track from strangling their industry, including trying to weaken DNT late in the negotiation process and sending an aggrieved letter to Microsoft‘s CEO after the Internet Explorer-offering company announced it would turn on DNT by default in the new version of the browser to be released later this month. One of the advertising groups then issued a press release saying they wouldn’t respect Microsoft’s default DNT signal.

Crazy train. It’s like watching kindergartners argue over six cupcakes when there are 20 people in the class. Except some of the kindergartners have a lot of money to throw at the cupcakes. Ad group Direct Marketing Association revealed yesterday that it’s launching a $1 million PR campaign to try to assuage concerns about tracking and privacy. Via The Hill:

DMA Acting CEO Linda Woolley said the program will “set the record straight about the countless ways that data-driven marketing creates value for consumers — and is an engine of economic growth.”

The initiative will provide at least $1 million to fund lobbying efforts, education and research.

Woolley said the goal of the program is “preventing needless regulation or enforcement that could severely hamper consumer marketing and stifle innovation, tamping down unfavorable media attention, and reminding and educating consumers about the many and varied ways that their needs are met and they are thrilled and delighted.”

As for the public, they may or may not understand what is going on. They don’t love hearing that Obama and Romney know about their visits to YouPorn, but they don’t quite understand how all this data brokering stuff works, finds TrustedID in a recent survey. TrustedID found that only 16% of consumers “have significant or complete understanding of what information data brokers collect,” but a majority are clear on how they would like it to work: “80% of consumers feel that it is important to be able to opt out of the distribution and sale of information or delete the information that data brokers collect.”

That’s in line with how consumers feel about advertisers. In a recent survey out of Berkeley, 60% said they want regulation to “prevent Web sites from collecting information” about them.

If the crazy train derails, government may be forced to step in, though politicians may not be motivated to cut off their access to the juicy data that’s so valuable at campaign time. Keeping my fingers crossed that Candy Crowley asks the presidential candidates about this during the debate tonight.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.

Comments

rather than attempting to get legislation passed, why doesn’t the EFF and other groups attempt a campaign of teaching about internet privacy and advertising of programs like adblock plus? i hate when the government enters markets, as there is generally little they do other than make everything more annoying and bureaucratic.

I’ll give you their answers (with buzz-words set off by asterisks): Obama: “I think internet privacy is very important, and it’s always been important to me, and that’s why I showed *leadership* in opposition to the *SOPA/PIPA* regulations (had little to do with Internet privacy, but most people -including Romney and Obama- don’t know that). I think that it is important that you have control over how data about you is managed, and I think there are some areas where we can reach some *common sense* *consessus* and have *balanced* regulation to make sure the everyone is *playing by the rules*.”

Note that as no rules exist yet, this is a completely empty and meaningless answer, and he won’t be pressed as to what specifically he thinks those rules should be. If he’s feeling testy, he might also include a barb that his opponent (not calling Romney by name) is heavily swayed by special interests, and would not represent the American people on this issue.

Romney: “I applaud the President’s opposition to SOPA/PIPA, and that is something I also opposed and would oppose as President. However, I don’t think that we should run in and *regulate* without full understanding of the situation. *Over-Regulation* hurts *jobs* and the wider *economy*, and so while some regulation may be necessary, we should not assume government needs to solve this problem. I would favor *free market* based solutions, and only use the *force of government* as a last resort.

At this point, the moderator might ask Romney to specify what, if any regulations in the area of internet privacy he would be in favor of (even though Romney just said he’d prefer a non-government solution). Romney would say something meaninglessly vague like “Any proposed legislation would need to balance privacy of the American people with the rights of small businesses and entrepreneurs, and would have to make sure that we have something that works for everyone”.

At this point, both candidates would be saying almost the exact same thing about what regulation they’d favor (neither one said anything), but the conclusion would be that Romney is avoiding giving details, while Obama has a track record (SOPA/PIPA) of opposing regulation that would hurt Internet users.

nice piece. I have a few quibbles with that nytimes piece on data mining, though.

first, no mention of Aristotle Online? they are the premiere source of demographic and voting data for campaigns. seems like an odd omission.

second, I am wondering about that claim the campaigns can tell if people have been to porn sites. that would require porn sites to use the same ad networks as sites like forbes.com, or allow their data to be mined by third parties. does that really happen? when I have looked at online tracking companies like rapleaf, visits to adult sites were something they were careful to avoid logging. I would guess that is the rule and not the exception.

I suspect the author of that piece was taking a logical leap and didn’t quite make it to the other side.

I think to focus on how consumers would like tracking to work if they understood it is a little misleading, since they don’t understand it, much less understand its role in the broader online ecosystem. In a recent study by the Berkeley Center for Law & Technology, 20% of consumers said they think a Do Not Track button should let them opt out of seeing advertising entirely. They want the web to be free, but they don’t want to pay for it, even in the form of being exposed to ads that they have trained themselves not to see. They’d also like a pony.

The question we need to be asking consumers is not “Do you want advertisers to be able to track your online activities?” but “what kind of tradeoffs are you willing to accept between privacy and free or subsidized information and services?” I doubt we’ll ever really be able to have that conversation in any large-scale way, though. It would require too much self-education on the part of consumers.